Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5249953d authored by Harsh Abichandani's avatar Harsh Abichandani
Browse files

Updated liblp fuzzers. 

Added a check to avoid possible NPD when duplicate partitions are created and changed slot value range which is being fetched using FuzzedDataProvider.

exec/s: 16440
Test: ./liblp_builder_fuzzer
exec/s: 26412
Test: ./liblp_super_layout_builder_fuzzer
exec/s: 9178
Test: ./liblp_apis_fuzzer
Bug: 307978015

Change-Id: I63abc828cc3f4c44c1dd89a01acfb33dc08813b8
parent 8fbaaa33

fs_mgr/liblp/fuzzer/README.md

+16 −22
Original line number Diff line number Diff line
@@ -18,15 +18,14 @@ LiblpBuilder supports the following parameters: 
9. alignmentOffset (parameter name: "alignment_offset")

10. logicalBlockSize (parameter name: "logical_block_size")

11. maxMetadataSize (parameter name: "max_metadata_size")

12. numSlots (parameter name: "metadata_slot_count")

13. deviceIndex (parameter name: "device_index")

14. start (parameter name: "start")

15. end (parameter name: "end")

16. addedGroupName (parameter name: "group_name")

17. partitionGroupName (parameter name: "partition_name")

18. numSectors (parameter name: "num_sectors")

19. physicalSector (parameter name: "physical_sector")

20. resizedPartitionSize (parameter name: "requested_size")

12. deviceIndex (parameter name: "device_index")

13. start (parameter name: "start")

14. end (parameter name: "end")

15. addedGroupName (parameter name: "group_name")

16. partitionGroupName (parameter name: "partition_name")

17. numSectors (parameter name: "num_sectors")

18. physicalSector (parameter name: "physical_sector")

19. resizedPartitionSize (parameter name: "requested_size")



| Parameter| Valid Values| Configured Value|

|------------- |-------------| ----- |
@@ -41,7 +40,6 @@ LiblpBuilder supports the following parameters: 
|`alignmentOffset`| Integer |Value obtained from FuzzedDataProvider|

|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|

|`maxMetadataSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|

|`numSlots`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|

|`deviceIndex`| Integer |Value obtained from FuzzedDataProvider|

|`start`| Integer |Value obtained from FuzzedDataProvider|

|`end`| Integer |Value obtained from FuzzedDataProvider|
@@ -67,17 +65,15 @@ SuperLayoutBuilder supports the following parameters: 
1. kAttributeTypes (parameter name: "attribute")

2. blockDevSize (parameter name: "blockdev_size")

3. metadataMaxSize (parameter name: "metadata_max_size")

4. metadataSlotCount (parameter name: "metadata_slot_count")

5. partitionName (parameter name: "partition_name")

6. data (parameter name: "data")

7. imageName (parameter name: "image_name")

4. partitionName (parameter name: "partition_name")

5. data (parameter name: "data")

6. imageName (parameter name: "image_name")



| Parameter| Valid Values| Configured Value|

|------------- |-------------| ----- |

|`kAttributeTypes`| 1.`LP_PARTITION_ATTR_NONE`,<br/> 2.`LP_PARTITION_ATTR_READONLY`,<br/> 3.`LP_PARTITION_ATTR_SLOT_SUFFIXED`,<br/> 4.`LP_PARTITION_ATTR_UPDATED`,<br/> 5.`LP_PARTITION_ATTR_DISABLED`|Value obtained from FuzzedDataProvider|

|`blockDevSize`| Integer value from `0` to `100000`|Value obtained from FuzzedDataProvider|

|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|

|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|

|`partitionName`| String |Value obtained from FuzzedDataProvider|

|`data`| String |Value obtained from FuzzedDataProvider|

|`imageName`| String |Value obtained from FuzzedDataProvider|
@@ -102,12 +98,11 @@ LiblpAPIs supports the following parameters: 
4. logicalBlockSize (parameter name: "logical_block_size")

5. blockDevSize (parameter name: "blockdev_size")

6. metadataMaxSize (parameter name: "metadata_max_size")

7. metadataSlotCount (parameter name: "metadata_slot_count")

8. blockDeviceInfoName (parameter name: "block_device_info_name")

9. numSectors (parameter name: "num_sectors")

10. physicalSector (parameter name: "physical_sector")

11. sparsify (parameter name: "sparsify")

12. buffer (parameter name: "data")

7. blockDeviceInfoName (parameter name: "block_device_info_name")

8. numSectors (parameter name: "num_sectors")

9. physicalSector (parameter name: "physical_sector")

10. sparsify (parameter name: "sparsify")

11. buffer (parameter name: "data")



| Parameter| Valid Values| Configured Value|

|------------- |-------------| ----- |
@@ -117,7 +112,6 @@ LiblpAPIs supports the following parameters: 
|`logicalBlockSize`| Integer |Value obtained from FuzzedDataProvider|

|`blockDevSize`| Integer value in multiples of `LP_SECTOR_SIZE`|Value obtained from FuzzedDataProvider|

|`metadataMaxSize`| Integer value from `0` to `10000` |Value obtained from FuzzedDataProvider|

|`metadataSlotCount`| Integer value from `0` to `2` |Value obtained from FuzzedDataProvider|

|`blockDeviceInfoName`| String |Value obtained from FuzzedDataProvider|

|`numSectors`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|

|`physicalSector`| Integer value from `1` to `1000000` |Value obtained from FuzzedDataProvider|

fs_mgr/liblp/fuzzer/liblp_apis_fuzzer.cpp

+9 −10
Original line number Diff line number Diff line
@@ -39,8 +39,6 @@ static constexpr uint32_t kValidAlignmentOffset = 0; 
static constexpr uint32_t kValidLogicalBlockSize = 4096;

static constexpr uint32_t kMinMetadataSize = 0;

static constexpr uint32_t kMaxMetadataSize = 10000;

static constexpr uint32_t kMinSlot = 0;

static constexpr uint32_t kMaxSlot = 10;

static constexpr uint32_t kMinFactor = 0;

static constexpr uint32_t kMaxFactor = 10;

static constexpr uint32_t kMetadataGeometrySize = 4096;
@@ -108,7 +106,7 @@ void LiplpApisFuzzer::setupBuilder() { 
    uint32_t randomMetadataMaxSize =

            mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataSize, kMaxMetadataSize);

    uint32_t metadataMaxSize = mFdp.ConsumeBool() ? kMetadataSize : randomMetadataMaxSize;

    uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);

    uint32_t metadataSlotCount = mFdp.ConsumeBool() ? 0 : 1;

    mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);



    if (mBuilder.get()) {
@@ -128,16 +126,17 @@ void LiplpApisFuzzer::setupBuilder() { 
        Partition* super = mBuilder->AddPartition(mSuperPartitionName, LP_PARTITION_ATTR_READONLY);

        mBuilder->AddPartition(mPartitionName, LP_PARTITION_ATTR_READONLY);



        if (super) {

            int64_t numSectors = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(

                                                              kMinSectorValue, kMaxSectorValue)

                                                    : kValidNumSectors;

            int64_t physicalSector = mFdp.ConsumeBool() ? mFdp.ConsumeIntegralInRange<uint64_t>(

                                                                  kMinSectorValue, kMaxSectorValue)

                                                        : kValidPhysicalSector;



            mBuilder->AddLinearExtent(super, mBlockDeviceInfoName, numSectors, physicalSector);

        }

    }

}



void LiplpApisFuzzer::process() {

    BlockDeviceInfo superInfo = getBlockDevice();

fs_mgr/liblp/fuzzer/liblp_builder_fuzzer.cpp

+19 −20
Original line number Diff line number Diff line
@@ -48,8 +48,6 @@ static constexpr uint32_t kMaxMetadataValue = 10000; 
static constexpr uint32_t kZeroAlignment = 0;

static constexpr uint32_t kZeroAlignmentOffset = 0;

static constexpr uint32_t kMaxBytes = 20;

static constexpr uint32_t kMinSlot = 0;

static constexpr uint32_t kMaxSlot = 10;

static constexpr uint32_t kMinBuilder = 0;

static constexpr uint32_t kMaxBuilder = 4;
@@ -108,9 +106,7 @@ void BuilderFuzzer::selectRandomBuilder(int32_t randomBuilder, string superBlock 
    switch (randomBuilder) {

        case 0: {

            uint32_t maxMetadataSize = getParamValue(kValidMaxMetadataSize);

            uint32_t numSlots = mFdp.ConsumeBool()

                                        ? kMaxSlot

                                        : mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);

            uint32_t numSlots = mFdp.ConsumeBool() ? 0 : 1;

            mBuilder = MetadataBuilder::New(mBlockDevices, superBlockDeviceName, maxMetadataSize,

                                            numSlots);

            break;
@@ -120,14 +116,14 @@ void BuilderFuzzer::selectRandomBuilder(int32_t randomBuilder, string superBlock 
                    mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);

            uint32_t metadataMaxSize =

                    mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);

            uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);

            uint32_t metadataSlotCount = mFdp.ConsumeBool() ? 0 : 1;

            mBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);

            break;

        }

        case 2: {

            uint64_t blockDevSize = getParamValue(kValidBlockSize);

            uint32_t metadataSize = getParamValue(kValidMetadataSize);

            uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);

            uint32_t metadataSlotCount = mFdp.ConsumeBool() ? 0 : 1;

            mBuilder = MetadataBuilder::New(blockDevSize, metadataSize, metadataSlotCount);

            break;

        }
@@ -213,13 +209,13 @@ void BuilderFuzzer::callChangePartitionGroup() { 
void BuilderFuzzer::callVerifyExtentsAgainstSourceMetadata() {

    uint64_t sourceBlockDevSize = getParamValue(kValidBlockSize);

    uint32_t sourceMetadataMaxSize = getParamValue(kValidMetadataSize);

    uint32_t sourceSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);

    uint32_t sourceSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 1);

    auto sourceBuilder =

            MetadataBuilder::New(sourceBlockDevSize, sourceMetadataMaxSize, sourceSlotCount);



    uint64_t targetBlockDevSize = getParamValue(kValidBlockSize);

    uint32_t targetMetadataMaxSize = getParamValue(kValidMetadataSize);

    uint32_t targetSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 2);

    uint32_t targetSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(0, 1);

    auto targetBuilder =

            MetadataBuilder::New(targetBlockDevSize, targetMetadataMaxSize, targetSlotCount);
@@ -292,9 +288,11 @@ void BuilderFuzzer::invokeBuilderAPIs() { 


                        int64_t numExtents =

                                mFdp.ConsumeIntegralInRange<int64_t>(kMinElements, kMaxElements);

                        if (mFuzzPartition) {

                            bool extentAdded = false;

                            for (int64_t i = 0; i <= numExtents; ++i) {

                            extentAdded = mBuilder->AddLinearExtent(mFuzzPartition, kDeviceInfoName,

                                extentAdded =

                                        mBuilder->AddLinearExtent(mFuzzPartition, kDeviceInfoName,

                                                                  numSectors, physicalSector);

                            }
@@ -304,6 +302,7 @@ void BuilderFuzzer::invokeBuilderAPIs() { 
                                        mFdp.ConsumeIntegralInRange<uint64_t>(kMinValue, kMaxValue);

                                mFuzzPartition->GetBeginningExtents(LP_SECTOR_SIZE * numExtents);

                            }

                        }

                    },

                    [&]() { callVerifyExtentsAgainstSourceMetadata(); },

                    [&]() { mBuilder->ListPartitionsInGroup(mFdp.PickValueInArray(mGroupNames)); },

fs_mgr/liblp/fuzzer/liblp_super_layout_builder_fuzzer.cpp

+7 −10
Original line number Diff line number Diff line
@@ -38,8 +38,6 @@ static constexpr uint32_t kSuperLayoutValidMetadataSize = 8_KiB; 
static constexpr uint32_t kMinMetadataValue = 0;

static constexpr uint32_t kMaxMetadataValue = 10000;

static constexpr uint32_t kMaxBytes = 20;

static constexpr uint32_t kMinSlot = 0;

static constexpr uint32_t kMaxSlot = 10;

static constexpr uint32_t kMinOpen = 0;

static constexpr uint32_t kMaxOpen = 2;
@@ -58,14 +56,14 @@ class SuperLayoutBuilderFuzzer { 
    void invokeSuperLayoutBuilderAPIs();

    void callRandomOpen(int32_t open);

    void addMultiplePartitions(int32_t numPartitions);

    void setupSuperLayoutBuilder(string fuzzPartitionName);

    void setupSuperLayoutBuilder();

    SuperLayoutBuilder mSuperLayoutBuilder;

    unique_ptr<MetadataBuilder> mSuperBuilder;

    unique_ptr<LpMetadata> mMetadata;

    bool mOpenSuccess = false;

};



void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder(string fuzzPartitionName) {

void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder() {

    uint64_t randomBlockDevSize =

            mFdp.ConsumeIntegralInRange<uint64_t>(kMinBlockDevValue, kMaxBlockDevValue);

    uint64_t blockDevSize = mFdp.ConsumeBool() ? kSuperLayoutValidBlockDevSize : randomBlockDevSize;
@@ -73,7 +71,7 @@ void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder(string fuzzPartitionName) 
            mFdp.ConsumeIntegralInRange<uint32_t>(kMinMetadataValue, kMaxMetadataValue);

    uint32_t metadataMaxSize =

            mFdp.ConsumeBool() ? kSuperLayoutValidMetadataSize : randomMetadataMaxSize;

    uint32_t metadataSlotCount = mFdp.ConsumeIntegralInRange<uint32_t>(kMinSlot, kMaxSlot);

    uint32_t metadataSlotCount = mFdp.ConsumeBool() ? 0 : 1;

    mSuperBuilder = MetadataBuilder::New(blockDevSize, metadataMaxSize, metadataSlotCount);



    if (mSuperBuilder.get()) {
@@ -85,10 +83,6 @@ void SuperLayoutBuilderFuzzer::setupSuperLayoutBuilder(string fuzzPartitionName) 


        uint32_t randomOpen = mFdp.ConsumeIntegralInRange<uint32_t>(kMinOpen, kMaxOpen);

        callRandomOpen(randomOpen);



        if (!fuzzPartitionName.size()) {

            fuzzPartitionName = "builder_partition";

        }

    }

}
@@ -125,7 +119,10 @@ void SuperLayoutBuilderFuzzer::invokeSuperLayoutBuilderAPIs() { 
    string imageName = mFdp.ConsumeRandomLengthString(kMaxBytes);

    string fuzzPartitionName =

            mFdp.ConsumeBool() ? "builder_partition" : mFdp.ConsumeRandomLengthString(kMaxBytes);

    setupSuperLayoutBuilder(fuzzPartitionName);

    if (!fuzzPartitionName.size()) {

        fuzzPartitionName = "builder_partition";

    }

    setupSuperLayoutBuilder();

    if (mOpenSuccess) {

        while (mFdp.remaining_bytes()) {

            auto invokeSuperAPIs = mFdp.PickValueInArray<const function<void()>>({